I think we should remove it.

Also, I revised the e.g. as follows

... undesirable and security-relevant effects, such as overwriting of startup or system files.

regards, Frederick

Frederick Hirsch
Nokia



On Mar 27, 2009, at 2:00 PM, ext Hillebrand, Rainer wrote:

Dear Frederick,

I added my comments inline.

Best Regards,

Rainer

*************************************
T-Mobile International
Terminal Technology
Rainer Hillebrand
Head of Terminal Security
Landgrabenweg 151, D-53227 Bonn
Germany

+49 171 5211056 (My T-Mobile)
+49 228 936 13916 (Tel.)
+49 228 936 18406 (Fax)
E-Mail: rainer.hillebr...@t-mobile.net

http://www.t-mobile.net





-----Original Message-----
From: Frederick Hirsch [mailto:frederick.hir...@nokia.com]
Sent: Friday, 27 March 2009 18:55
To: Hillebrand, Rainer
Cc: Frederick Hirsch; marc...@opera.com; WebApps WG
Subject: Re: [BONDI Architecture & Security] [widgets] new digsig draft

comments inline, thanks for reviewing this


regards, Frederick

Frederick Hirsch
Nokia



On Mar 27, 2009, at 1:26 PM, ext Hillebrand, Rainer wrote:

3. Section 7.3: "The set of acceptable trust anchors, and policy decisions based on the signer's identity are established through a security-critical out-of-band mechanism." I do not really understand this sentence. This is not a subject for the processing rules, is it? What is an acceptable trust anchor? Are they really established or may they be established?

Knowing whom you can trust and how to establish that trust is out of scope.


RH: Would you like to keep this sentence or delete it? I wonder whether we need to mention the potential use of the KeyInfo which is out-of-scope anyhow.

